CAPA: Corrective & Preventive Action
Systematically resolve quality issues and prevent recurrence with a structured CAPA process for ISO 9001 and beyond.
What is CAPA?
CAPA stands for Corrective Action / Preventive Action. It is a systematic approach used in quality management to investigate the root cause of nonconformances, implement corrections that eliminate the cause, and put preventive measures in place so the problem never recurs. CAPA is required by virtually every major quality standard - ISO 9001, IATF 16949, FDA 21 CFR Parts 211 and 820, AS9100, and GMP regulations all mandate a documented CAPA process.
The distinction between the two halves matters. A corrective action responds to something that already went wrong - a customer complaint, an audit finding, a rejected batch. A preventive action responds to a risk or trend identified before a failure occurs - an SPC trend approaching a limit, a near-miss, or a gap found during a process review. Both follow the same lifecycle: identify, investigate, determine root cause, implement action, verify effectiveness, and close. The difference is the trigger, not the method.
CAPA is not the same as correction
A correction fixes the immediate symptom - reworking a defective part, replacing a faulty sensor, re-training an operator. A corrective action eliminates the root cause so the defect cannot happen again. Most CAPA failures start here: organizations document the correction, label it a CAPA, and close it. Six months later the same problem returns because nobody addressed why it happened in the first place.
Why a structured CAPA process delivers lasting results
CAPA connects problem detection to problem elimination. Without it, organizations fix symptoms on repeat. With it, each issue makes the system stronger.
Problems are resolved permanently
A proper CAPA traces defects back to their root cause and verifies that the corrective action actually works. Organizations with mature CAPA systems report 50-70% fewer recurring nonconformances compared to those that rely on corrections alone.
Regulatory compliance is built in
ISO 9001 clause 10.2, IATF 16949 clause 10.2.3, FDA 21 CFR 820.90 - all require a documented CAPA process. A well-run CAPA system is not extra work for audits, it is the audit evidence. Inspectors check CAPA records first.
Quality costs decrease over time
Every recurring defect carries cost: scrap, rework, sorting, expedited shipping, complaint handling. CAPA breaks the cycle. The investment in root cause investigation pays back through reduced cost of poor quality (COPQ) within months.
Knowledge compounds across the organization
Each closed CAPA adds to an institutional knowledge base of what went wrong, why, and how it was fixed. New engineers, new plants, and new product launches benefit from lessons already learned.
Audit findings become improvement drivers
Without CAPA, audit findings generate paperwork. With CAPA, every finding triggers a structured investigation and a verified fix. Internal audits, supplier audits, and certification audits all feed into the same improvement engine.
Customer confidence grows
When a customer reports a defect and receives a CAPA with verified root cause, permanent corrective action, and effectiveness check, they see a supplier that takes quality seriously. In automotive and aerospace, CAPA response quality directly affects supplier scorecards.
The CAPA lifecycle step by step
The CAPA lifecycle begins with identification. A trigger event - a customer complaint, an internal audit nonconformance, a batch deviation, a trend in inspection data - is documented and evaluated for severity. Not every issue needs a full CAPA; minor corrections can be handled through standard deviation processes. But recurring issues, safety-relevant defects, and regulatory findings always require formal CAPA. Once initiated, the investigation phase determines the root cause using structured methods: 5 Whys, Ishikawa diagrams, fault tree analysis, or a full 8D report for complex problems.
With the root cause confirmed, the team defines corrective actions (to eliminate the cause) and preventive actions (to prevent occurrence in similar processes or products). Each action gets an owner and a deadline. After implementation, the critical step most organizations skip: effectiveness verification. This means checking - with data - that the corrective action actually worked. Did the defect rate drop to zero? Did the audit finding close without recurrence? Only after verified effectiveness is the CAPA closed. CAPA records are retained as quality records per ISO 9001 clause 7.5 and reviewed in management review meetings.
Implementing CAPA in your organization
From the first documented corrective action to a fully integrated CAPA management system - here is how to build a process that auditors respect and engineers trust.
Define CAPA triggers and severity criteria
Not everything is a CAPA. Define clear criteria for when a full CAPA is required vs. a simple correction. Typical CAPA triggers: customer complaints, audit nonconformances (major and repeat minor), batch rejections above threshold, safety incidents, and regulatory observations. Use a severity matrix to prioritize.
Establish a structured investigation method
Require root cause analysis for every CAPA - not just "operator error" or "training needed." Standardize on proven methods: 5 Whys for straightforward issues, Ishikawa for multi-factor problems, 8D for customer-facing complaints. Train your quality team and key production staff in these methods.
Separate correction from corrective action
Document both the immediate fix (correction/containment) and the systemic fix (corrective action) as distinct steps. The correction stops the bleeding; the corrective action prevents it from happening again. Auditors specifically check that organizations understand this difference.
Assign ownership with deadlines
Every CAPA action needs a named owner (not a department) and a realistic deadline. Track overdue actions visibly. Escalate CAPAs that miss their deadlines - an overdue CAPA is a management system failure, not just a quality department problem.
Verify effectiveness with data
Define upfront how you will measure whether the corrective action worked. Set a verification date - typically 30 to 90 days after implementation. Check the specific metric: zero recurrence, SPC data within limits, no repeat audit findings. If effectiveness is not confirmed, reopen the CAPA and investigate further.
Review CAPA trends in management review
ISO 9001 clause 9.3 requires management review to cover nonconformities and corrective actions. Present CAPA metrics: open vs. closed, average time to close, overdue rate, recurring issues, top root cause categories. Use this data to allocate resources where quality problems concentrate.
Common CAPA pitfalls - and how to avoid them
A CAPA process on paper is easy. A CAPA process that actually eliminates problems requires discipline in these four areas.
Root cause analysis is superficial
"Human error" and "lack of training" are symptoms, not root causes. Require at least a 5 Whys analysis for every CAPA. Ask: why did the process allow this error? Why was the training gap not detected? Why was there no poka-yoke? Push past the first answer until you reach a systemic cause that can be prevented.
Corrective actions are just more inspection
Adding an inspection step does not eliminate a root cause - it adds cost and catches defects after they occur. Effective corrective actions change the process so the defect cannot be produced: tooling modifications, poka-yoke devices, process parameter changes, design updates. If your most common corrective action is 'add inspection,' your CAPA process needs work.
Effectiveness verification is skipped or faked
Many organizations close CAPAs after implementing the action without checking if it worked. Define the verification method and date when the CAPA is opened. Use objective data: defect rates, audit results, process capability indices. If you cannot measure effectiveness, the corrective action was not specific enough.
CAPAs pile up and become a backlog
When organizations open CAPAs faster than they close them, the system loses credibility. Set realistic timelines at initiation. Review overdue CAPAs weekly. Prioritize by severity and customer impact. Consider whether low-severity items truly need a full CAPA or can be handled through simpler correction processes.
CAPA Digital with Mobile2b
Spreadsheet-based CAPA tracking loses visibility, misses deadlines, and fails audits. Mobile2b gives your CAPA process the structure and traceability auditors expect.
Structured CAPA workflow
Guided steps from initiation through root cause analysis, action definition, implementation, and effectiveness verification. Every CAPA follows the same lifecycle - no steps skipped, no shortcuts.
Root cause analysis integration
Built-in 5 Whys and Ishikawa templates linked directly to the CAPA record. The investigation and the corrective action live in one place, creating a complete audit trail from problem to solution.
Automated tracking and escalation
Deadline reminders, overdue alerts, and escalation workflows ensure no CAPA falls through the cracks. Dashboard views show open, overdue, and pending verification at a glance.
CAPA analytics and trend reporting
Analyze CAPA data by root cause category, source, product line, and department. Identify patterns that point to systemic issues. Feed CAPA metrics directly into management review reports.
Frequently Asked Questions About CAPA
Ready to close quality gaps for good?
See in a live demo how Mobile2b helps your team manage CAPAs from audit finding to verified effectiveness - digitally, traceably, and audit-ready.
Book a Demo